cve-2025-52980
Vulnerability from cvelistv5
Published
2025-07-11 15:08
Modified
2025-07-15 19:55
Severity ?
EPSS score ?
Summary
Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Juniper Networks | Junos OS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T16:05:20.829508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:55:48.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX300 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "22.1R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue the device needs to be configure to process incoming domain-path-id attributes via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... domain-path-id receive ]\u003cbr\u003e\n\n\u003c/tt\u003e\u003cbr\u003ePlease note that Junos versions before\u0026nbsp;22.3R3-S3, 22.4R3, 22.4R3-S1, 23.2R2, 23.3R2 and 23.4R1 accept this attribute by default."
}
],
"value": "To be exposed to this issue the device needs to be configure to process incoming domain-path-id attributes via:\n\n[ protocols bgp ... domain-path-id receive ]\n\n\n\nPlease note that Junos versions before\u00a022.3R3-S3, 22.4R3, 22.4R3-S1, 23.2R2, 23.3R2 and 23.4R1 accept this attribute by default."
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use of Incorrect Byte Ordering \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\n\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS)\u003c/span\u003e.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eWhen a\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eBGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects eBGP and iBGP over IPv4 and IPv6.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.1 versions from 22.1R1 before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Use of Incorrect Byte Ordering \n\nvulnerability \n\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nWhen a\u00a0BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\n\nThis issue affects eBGP and iBGP over IPv4 and IPv6.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * 22.1 versions from 22.1R1 before 22.2R3-S4,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3-S2,\n * 23.2 versions before 23.2R2,\n * 23.4 versions before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-198",
"description": "CWE-198 Use of Incorrect Byte Ordering",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T15:08:15.638Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100084"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA100084",
"defect": [
"1784353"
],
"discovery": "USER"
},
"title": "Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52980",
"datePublished": "2025-07-11T15:08:15.638Z",
"dateReserved": "2025-06-23T18:23:44.545Z",
"dateUpdated": "2025-07-15T19:55:48.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-52980\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-07-11T16:15:24.647\",\"lastModified\":\"2025-07-15T13:14:49.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Use of Incorrect Byte Ordering \\n\\nvulnerability \\n\\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\\n\\n\\n\\nWhen a\u00a0BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\\n\\nThis issue affects eBGP and iBGP over IPv4 and IPv6.\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS:\\n\\n\\n\\n * 22.1 versions from 22.1R1 before 22.2R3-S4,\\n * 22.3 versions before 22.3R3-S3,\\n * 22.4 versions before 22.4R3-S2,\\n * 23.2 versions before 23.2R2,\\n * 23.4 versions before 23.4R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ordenamiento incorrecto de bytes en el daemon de protocolo de enrutamiento (rpd) del sistema operativo Junos de Juniper Networks en la serie SRX300 permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Cuando se recibe una actualizaci\u00f3n de BGP a trav\u00e9s de una sesi\u00f3n BGP establecida que contiene un atributo de ruta transitiva espec\u00edfico, v\u00e1lido y opcional, el rpd se bloquea y se reinicia. Este problema afecta a eBGP e iBGP sobre IPv4 e IPv6. Este problema afecta a: Junos OS: * versiones 22.1 a partir de 22.1R1 anteriores a 22.2R3-S4, * versiones 22.3 anteriores a 22.3R3-S3, * versiones 22.4 anteriores a 22.4R3-S2, * versiones 23.2 anteriores a 23.2R2, * versiones 23.4 anteriores a 23.4R2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-198\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA100084\",\"source\":\"sirt@juniper.net\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.